A large global diversified financial services company sought to design and implement a data masking strategy to prevent developers, quality assurance (QA) and third-party service providers from having direct exposure to confidential data. Our client had more than 200 applications across a myriad of systems and lines of business to address. In each case, names, addresses, Social Security numbers, and other identifying information had to be hidden from potentially prying eyes.

We began the engagement by interviewing key IT and development stakeholders, collecting and reviewing existing application artifacts to input into PwC’s proprietary Data Obfuscation tool, which enables mapping of application information risks and the complexity of the client’s environment. We then worked collaboratively with that stakeholder to review data masking delivery options. Together we identified and prioritized multiple waves of applications for which they should execute masking. Our comprehensive program roadmap included activities to establish the organization, a high level governance framework, and recommendations on how to conduct appropriate processes changes. We tested to make sure all systems could communicate with each other and performed validation testing as well.

By leveraging our proprietary strategic accelerators to minimize delivery risk and leveraging our entire firm’s knowledge, we helped the company become one of only a few that have taken steps to address data privacy proactively. Today we are executing on the data masking roadmap we created, and as the company stands up the system, it expects to continue to mitigate risk in non-production environments associated with common testing practices and reduce its exposure to potentially damaging data breaches both onshore and offshore.